<?php
$isDebug = true;

if ($isDebug)
{
    if (!isset($_GET["username"]))
        die("DEBUG - No username given");

    if (!isset($_GET["password"]))
        die("DEBUG - No password given");
}
else
{
    if (!isset($_POST["username"]))
        die("No username found");

    if (!isset($_POST["password"]))
        die("No password found");
}

require_once "includes/db.php";

if ($isDebug)
    $sql = "SELECT user_id, user_name, user_first_name, user_last_name, user_email FROM users WHERE user_name = '" . mysql_real_escape_string($_GET['username']) . "' AND user_pass = '" . substr(md5("bla" . mysql_real_escape_string($_GET['password'])), 1) . "';";//once again...alleen voor debuggen
else	
    $sql = "SELECT user_id, user_name, user_first_name, user_last_name, user_email FROM users WHERE user_name = '" . mysql_real_escape_string($_POST['username']) . "' AND user_pass = '" . substr(md5("bla" . mysql_real_escape_string($_POST['password'])), 1) . "';";

$result = mysql_query($sql);

if (!$result) 
{
    die("6"); //Technical error (SQL)
}

if (mysql_num_rows($result) == 1) 
{
    $row = mysql_fetch_array($result);
    echo $row['user_id'] . "," . substr(md5($row['user_name'] . "b" . $row['user_first_name'] . "c" . $row['user_last_name'] . "d" . $row['user_email']), 1);
}
else
    die("5"); //Wrong credentials provided
?>